Jason Lixfeld wrote:
...Has there been development of some sort of intelligent unix land app that can understand Cisco syslog output, find the abuse departments of the sourcing networks and send them off a nice little FYI?
With rare exceptions, I'd say don't bother, even if you do come up with such a thing. I've actually sent off two in the past week, which is my normal total for the month (any month). One was to a machine that was aggressively testing identd (and starting to annoy me) on every machine in my netblock (it's little, but it's mine).

The other was more interesting. A tool that had been used to attack imap servers earlier this year has apparently been modified to hit FTP instead. The common bond is the user name "lizdy", which is only one of the multiple of names attempted. If you're curious, hit google with the words (lizdy ftp), and you'll come up with a few machines already hit by it. One of the machines that hit was an NT machine in a block that had an actual abuse dept, and I thought the owner would probably want to know. I got a nice response back, and I'd bet that it was probably taken care of. The others were also owned, but out of networks where I know that they just won't care. Pity there's no way to let the owner of the machine know, but that's just life.

A "nice little FYI" will just be adding to the Brownian motion of the internet as we know it today. On those rare cases where you have the time, and are sure of the target, of course, send something off. Just please don't automate it.

Oh, and I no longer have an internet facing FTP server (that tool hits about 200-400 times in less than 5 seconds...really abusive).

--
Open source should be about giving away things voluntarily. When you force someone to give you something, it's no longer giving, it's stealing. Persons of leisurely moral growth often confuse giving with taking. -- Larry Wall